[Git][security-tracker-team/security-tracker][master] bookworm/bullseye triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu May 2 12:56:28 BST 2024



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2617d94c by Moritz Muehlenhoff at 2024-05-02T13:55:53+02:00
bookworm/bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2132,14 +2132,20 @@ CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident res
 	NOT-FOR-US: Iris
 CVE-2024-25569 (An out-of-bounds read vulnerability exists in the RAWCodec::DecodeByte ...)
 	- gdcm <unfixed>
+	[bookworm] - gdcm <no-dsa> (Minor issue)
+	[bullseye] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1944
 CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Applicatio ...)
 	NOT-FOR-US: IBM
 CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the LookupTable:: ...)
 	- gdcm <unfixed>
+	[bookworm] - gdcm <no-dsa> (Minor issue)
+	[bullseye] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
 CVE-2024-22373 (An out-of-bounds write vulnerability exists in the JPEG2000Codec::Deco ...)
 	- gdcm <unfixed>
+	[bookworm] - gdcm <no-dsa> (Minor issue)
+	[bullseye] - gdcm <no-dsa> (Minor issue)
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2024-1935
 CVE-2024-22144 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: WordPress plugin
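Review bot: CVE-2024-22391 (heap-based buffer overflow) and CVE-2024-22373 (out-of-bounds write) get the same bare "(Minor issue)" reason as the out-of-bounds read in CVE-2024-25569. For the two memory-write bugs, a more specific reason on the added [bookworm]/[bullseye] lines, such as what limits the impact, would make the triage decision easier to audit later.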
@@ -2826,6 +2832,8 @@ CVE-2024-31991 (Mealie is a self hosted recipe manager and meal planner. Prior t
 	NOT-FOR-US: Mealie
 CVE-2024-31584 (Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the  ...)
 	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6
 CVE-2024-30974 (SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to ...)
 	NOT-FOR-US: autoexpress
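Review bot: the added [bookworm]/[bullseye] lines for CVE-2024-31584 do not say whether the affected code is present in the versions shipped in those releases; the description only says "before v2.2.0" and the NOTE points at the upstream fix commit. If the stable versions were checked and are affected, <no-dsa> is fine, but if the code is absent there, <not-affected> with a short reason would be more accurate. The same question applies to CVE-2024-31583 and CVE-2024-31580 further down.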
@@ -3443,15 +3451,23 @@ CVE-2023-4509 (It is possible for an API key to be logged in clear text in the a
 	NOT-FOR-US: Octopus Deploy
 CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <no-dsa> (Minor issue)
+	[bullseye] - ofono <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255402
 CVE-2023-4234 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <no-dsa> (Minor issue)
+	[bullseye] - ofono <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255399
 CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <no-dsa> (Minor issue)
+	[bullseye] - ofono <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
 CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed>
+	[bookworm] - ofono <no-dsa> (Minor issue)
+	[bullseye] - ofono <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255394
 CVE-2024-3914 (Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a ...)
 	{DSA-5668-1}
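Review bot: the four ofono entries in this hunk (CVE-2023-4232 to CVE-2023-4235) are set to <no-dsa> while their "- ofono <unfixed>" lines have no bug reference, unlike CVE-2023-2794, which carries bug #1069679. With no DSA planned, recording a bug on these entries as well (or the existing one, if it covers them) would keep the fix in unstable tracked.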
@@ -3616,6 +3632,8 @@ CVE-2024-31585 (FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-
 	NOTE: Introduced by https://github.com/FFmpeg/FFmpeg/commit/81df787b53eb5c6433731f6eaaf7f2a94d8a8c80 (n5.1)
 CVE-2024-31583 (Pytorch before version v2.2.0 was discovered to contain a use-after-fr ...)
 	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2
 CVE-2024-31582 (FFmpeg version n6.1 was discovered to contain a heap buffer overflow v ...)
 	[experimental] - ffmpeg 7:7.0-1
@@ -3633,6 +3651,8 @@ CVE-2024-31581 (FFmpeg version n6.1 was discovered to contain an improper valida
 	NOTE: Fixed by https://github.com/ffmpeg/ffmpeg/commit/ce0c178a408d43e71085c28a47d50dc939b60196 (n7.0)
 CVE-2024-31580 (PyTorch before v2.2.0 was discovered to contain a heap buffer overflow ...)
 	- pytorch <unfixed>
+	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bullseye] - pytorch <no-dsa> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
 CVE-2024-31578 (FFmpeg version n6.1.1 was discovered to contain a heap use-after-free  ...)
 	[experimental] - ffmpeg 7:7.0-1
@@ -6281,6 +6301,8 @@ CVE-2023-52070 (JFreeChart v1.5.4 was discovered to be vulnerable to ArrayIndexO
 	NOT-FOR-US: Disputed JFreeChart issue
 CVE-2023-2794 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
 	- ofono <unfixed> (bug #1069679)
+	[bookworm] - ofono <no-dsa> (Minor issue)
+	[bullseye] - ofono <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255387
 	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=a90421d8e45d63b304dc010baba24633e7869682
 	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=7f2adfa22fbae824f8e2c3ae86a3f51da31ee400
@@ -14051,6 +14073,8 @@ CVE-2023-6821 (The Error Log Viewer by BestWebSoft WordPress plugin before 1.1.3
 CVE-2023-41334 (Astropy is a project for astronomy in Python that fosters interoperabi ...)
 	{DLA-3803-1}
 	- astropy 5.3.3-1
+	[bookworm] - astropy <no-dsa> (Minor issue)
+	[bullseye] - astropy <no-dsa> (Minor issue)
 	NOTE: https://github.com/astropy/astropy/security/advisories/GHSA-h2x6-5jx5-46hf
 	NOTE: https://github.com/astropy/astropy/commit/22057d37b1313f5f5a9b5783df0a091d978dccb5 (v5.3.3)
 CVE-2024-26641 (In the Linux kernel, the following vulnerability has been resolved:  i ...)
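Review bot: the astropy entry already lists {DLA-3803-1}, a fixed version in unstable (5.3.3-1) and the upstream fix commit, yet bookworm and bullseye are both set to <no-dsa> with only "(Minor issue)". Since a fix is referenced, consider saying in the reason whether it is expected to go in through a point release, so the two releases are not left without a follow-up.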
@@ -21073,6 +21097,7 @@ CVE-2024-1669 (Out of bounds memory access in Blink in Google Chrome prior to 12
 CVE-2024-1481 (A flaw was found in FreeIPA. This issue may allow a remote attacker to ...)
 	{DLA-3773-1}
 	- freeipa <unfixed> (bug #1065106)
+	[bookworm] - freeipa <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2262169
 	NOTE: https://pagure.io/freeipa/issue/9541
 	NOTE: ipa-4.10: https://pagure.io/freeipa/c/921661fd460799da69043e06e058cff75a64ce3c
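Review bot: only a [bookworm] line is added for CVE-2024-1481, whereas every other entry touched in this commit gets both [bookworm] and [bullseye]. If bullseye is left out on purpose (package not present there, or handled separately), that is not evident from the entry; otherwise a [bullseye] line is missing.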
@@ -80685,6 +80710,8 @@ CVE-2023-26794
 	RESERVED
 CVE-2023-26793 (libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in re ...)
 	- libmodbus <unfixed>
+	[bookworm] - libmodbus <no-dsa> (Minor issue)
+	[bullseye] - libmodbus <no-dsa> (Minor issue)
 	NOTE: https://github.com/stephane/libmodbus/issues/683
 CVE-2023-26792
 	RESERVED



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2617d94c71edd7a4790297c89a74ca5f78c075a3
